forked from Tungstwenty/MasterKeyDualFix
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathREADME
More file actions
19 lines (14 loc) · 922 Bytes
/
README
File metadata and controls
19 lines (14 loc) · 922 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Master Key dual fix
by Tungstwenty
Fixes 2 separate vulnerabilities that exist on the APK parsing code
that allow signed files to be tampered with.
One of these (bug 8219321)is known as the "Master Key" vulnerability, and can be found
in several places including this one: http://forum.xda-developers.com/showthread.php?t=2359943
The other (bug 9695860) is also related with Zip (or APK) files parsing and although it's been
fixed by Google on the codebase (https://android.googlesource.com/platform/libcore/+/9edf43dfcc35c761d97eb9156ac4254152ddbc55),
it's likely to take even longer to reach the stock roms (if ever).
Follow this thread for additional info: http://forum.xda-developers.com/showthread.php?t=2365294
This project uses:
- Xposed framework, by rovo89
- Original code snippets from AOSP
- Icons generated with Android Asset Studio: http://android-ui-utils.googlecode.com/hg/asset-studio/dist/index.html